Re: amcrypt: deprecated key derivation used
Am 06.05.22 um 12:34 schrieb Exuvo: Sorry for a lot of replies. never mind, I am happy to get help and some communication going Added your suggestion with: echo "$@" > /tmp/encryptparams now I looked at my config and i only use estimate calcsize and estimate server as estimate client was so slow when it was using that. I probably never tested my encryption script with estimate client which i think is the default. In my case it's using "estimate server" already. Ah, your next reply comes in right now ;-) (this might work better in some forum or chat. Or even in the github issue?)
Re: amcrypt: deprecated key derivation used
Given that the normal amcrypt scripts work it must be some of the setup rows
they have that are needed. They seemed superfluous for my use so i removed them.
Try prepending the following to the script:
prefix="/usr"
exec_prefix="${prefix}"
sbindir="/usr/bin"
amlibexecdir="/usr/lib/amanda"
. "${amlibexecdir}/amanda-sh-lib.sh"
OPENSSL= # whatever's in $PATH
# where might openssl be?
PATH=/bin:/usr/bin:/usr/local/bin:/usr/ssl/bin:/usr/local/ssl/bin:/opt/csw/bin
export PATH
ME=`basename "$0"`
if [ -z "${OPENSSL:=`which openssl`}" ]; then
echo `_ '%s: openssl not found' "${ME}"` >&2
exit 1
elif [ ! -x "${OPENSSL}" ]; then
echo `_ "%s: can't execute %s (%s)" "${ME}" "openssl" "${OPENSSL}"` >&2
exit 1
fi
And then replace /usr/bin/openssl with "${OPENSSL}" at the bottom.
Anton "exuvo" Olsson
[email protected]
On 2022-05-06 12:34, Exuvo wrote:
Sorry for a lot of replies.
I looked at my config and i only use estimate calcsize and estimate server as
estimate client was so slow when it was using that.
I probably never tested my encryption script with estimate client which i think
is the default.
Anton "exuvo" Olsson
[email protected]
On 2022-05-06 12:29, Exuvo wrote:
Actually it might be related to the estimates. Try and see if it works if you use another estimate
mode like "estimate server" or "estimate calcsize".
Anton "exuvo" Olsson
[email protected]
On 2022-05-06 12:21, Exuvo wrote:
I have never used amsamba, i only use dd and tar type backups.
If you change my encryption script to write its arguments and errors to a file
it might be easier to see what is going wrong or if amsamba uses it differently
somehow.
echo "$@" > /tmp/encryptparams
/usr/bin/openssl enc -pbkdf2 -e -aes-256-ctr -salt -pass fd:3 3< "${PASSPHRASE}"
2> /tmp/encrypterrors
Anton "exuvo" Olsson
[email protected]
On 2022-05-06 11:03, Stefan G. Weichinger wrote:
Am 04.05.22 um 16:46 schrieb Exuvo:
Ah yes my RANDFILE was probably already created long ago when i initially set
up encryption.
From what i have read the random file is not really on most systems as it is
only there to help with low entropy systems (ie server that does nothing most
of the time).
Each time openssl runs it uses that file (if specified) for random seeds and at
command end it replaces the file with 256 new bytes of randomness for the next
invocation.
It is not needed for decryption.
From the man page the digest is only used to create the real encryption key
from the text key you supply. It should not affect speed at all.
The default digest is sha-256, sha-512 just has more bits. The only thing you
would gain is more protection against brute force attacks i think.
Thanks, great.
As mentioned on Github, I still see issues with your crypt-script when combined with
amsamba: that leads to dumps with "missing size line from sendbackup". Would be
great to get that fixed as well.
I will try to streamline and cleanup my config and report the actual dumptype
definition.
Re: amcrypt: deprecated key derivation used
Sorry for a lot of replies. I looked at my config and i only use estimate calcsize and estimate server as estimate client was so slow when it was using that. I probably never tested my encryption script with estimate client which i think is the default. Anton "exuvo" Olsson [email protected] On 2022-05-06 12:29, Exuvo wrote: Actually it might be related to the estimates. Try and see if it works if you use another estimate mode like "estimate server" or "estimate calcsize". Anton "exuvo" Olsson [email protected] On 2022-05-06 12:21, Exuvo wrote: I have never used amsamba, i only use dd and tar type backups. If you change my encryption script to write its arguments and errors to a file it might be easier to see what is going wrong or if amsamba uses it differently somehow. echo "$@" > /tmp/encryptparams /usr/bin/openssl enc -pbkdf2 -e -aes-256-ctr -salt -pass fd:3 3< "${PASSPHRASE}" 2> /tmp/encrypterrors Anton "exuvo" Olsson [email protected] On 2022-05-06 11:03, Stefan G. Weichinger wrote: Am 04.05.22 um 16:46 schrieb Exuvo: Ah yes my RANDFILE was probably already created long ago when i initially set up encryption. From what i have read the random file is not really on most systems as it is only there to help with low entropy systems (ie server that does nothing most of the time). Each time openssl runs it uses that file (if specified) for random seeds and at command end it replaces the file with 256 new bytes of randomness for the next invocation. It is not needed for decryption. From the man page the digest is only used to create the real encryption key from the text key you supply. It should not affect speed at all. The default digest is sha-256, sha-512 just has more bits. The only thing you would gain is more protection against brute force attacks i think. Thanks, great. As mentioned on Github, I still see issues with your crypt-script when combined with amsamba: that leads to dumps with "missing size line from sendbackup". Would be great to get that fixed as well. I will try to streamline and cleanup my config and report the actual dumptype definition.
Re: amcrypt: deprecated key derivation used
Actually it might be related to the estimates. Try and see if it works if you use another estimate mode like "estimate server" or "estimate calcsize". Anton "exuvo" Olsson [email protected] On 2022-05-06 12:21, Exuvo wrote: I have never used amsamba, i only use dd and tar type backups. If you change my encryption script to write its arguments and errors to a file it might be easier to see what is going wrong or if amsamba uses it differently somehow. echo "$@" > /tmp/encryptparams /usr/bin/openssl enc -pbkdf2 -e -aes-256-ctr -salt -pass fd:3 3< "${PASSPHRASE}" 2> /tmp/encrypterrors Anton "exuvo" Olsson [email protected] On 2022-05-06 11:03, Stefan G. Weichinger wrote: Am 04.05.22 um 16:46 schrieb Exuvo: Ah yes my RANDFILE was probably already created long ago when i initially set up encryption. From what i have read the random file is not really on most systems as it is only there to help with low entropy systems (ie server that does nothing most of the time). Each time openssl runs it uses that file (if specified) for random seeds and at command end it replaces the file with 256 new bytes of randomness for the next invocation. It is not needed for decryption. From the man page the digest is only used to create the real encryption key from the text key you supply. It should not affect speed at all. The default digest is sha-256, sha-512 just has more bits. The only thing you would gain is more protection against brute force attacks i think. Thanks, great. As mentioned on Github, I still see issues with your crypt-script when combined with amsamba: that leads to dumps with "missing size line from sendbackup". Would be great to get that fixed as well. I will try to streamline and cleanup my config and report the actual dumptype definition.
Re: amcrypt: deprecated key derivation used
I have never used amsamba, i only use dd and tar type backups.
If you change my encryption script to write its arguments and errors to a file
it might be easier to see what is going wrong or if amsamba uses it differently
somehow.
echo "$@" > /tmp/encryptparams
/usr/bin/openssl enc -pbkdf2 -e -aes-256-ctr -salt -pass fd:3 3< "${PASSPHRASE}"
2> /tmp/encrypterrors
Anton "exuvo" Olsson
[email protected]
On 2022-05-06 11:03, Stefan G. Weichinger wrote:
Am 04.05.22 um 16:46 schrieb Exuvo:
Ah yes my RANDFILE was probably already created long ago when i initially set
up encryption.
From what i have read the random file is not really on most systems as it is
only there to help with low entropy systems (ie server that does nothing most
of the time).
Each time openssl runs it uses that file (if specified) for random seeds and at
command end it replaces the file with 256 new bytes of randomness for the next
invocation.
It is not needed for decryption.
From the man page the digest is only used to create the real encryption key
from the text key you supply. It should not affect speed at all.
The default digest is sha-256, sha-512 just has more bits. The only thing you
would gain is more protection against brute force attacks i think.
Thanks, great.
As mentioned on Github, I still see issues with your crypt-script when combined with
amsamba: that leads to dumps with "missing size line from sendbackup". Would be
great to get that fixed as well.
I will try to streamline and cleanup my config and report the actual dumptype
definition.
Re: amcrypt: deprecated key derivation used
Am 04.05.22 um 16:46 schrieb Exuvo: Ah yes my RANDFILE was probably already created long ago when i initially set up encryption. From what i have read the random file is not really on most systems as it is only there to help with low entropy systems (ie server that does nothing most of the time). Each time openssl runs it uses that file (if specified) for random seeds and at command end it replaces the file with 256 new bytes of randomness for the next invocation. It is not needed for decryption. From the man page the digest is only used to create the real encryption key from the text key you supply. It should not affect speed at all. The default digest is sha-256, sha-512 just has more bits. The only thing you would gain is more protection against brute force attacks i think. Thanks, great. As mentioned on Github, I still see issues with your crypt-script when combined with amsamba: that leads to dumps with "missing size line from sendbackup". Would be great to get that fixed as well. I will try to streamline and cleanup my config and report the actual dumptype definition.
Re: amcrypt: deprecated key derivation used
Hi, On topic of low entropy: if you're not already familiar with it, please take a look at https://github.com/jirka-h/haveged especially for headless systems. Cheers, Kees On 04-05-2022 16:46, Exuvo wrote: Ah yes my RANDFILE was probably already created long ago when i initially set up encryption. From what i have read the random file is not really on most systems as it is only there to help with low entropy systems (ie server that does nothing most of the time). Each time openssl runs it uses that file (if specified) for random seeds and at command end it replaces the file with 256 new bytes of randomness for the next invocation. It is not needed for decryption. From the man page the digest is only used to create the real encryption key from the text key you supply. It should not affect speed at all. The default digest is sha-256, sha-512 just has more bits. The only thing you would gain is more protection against brute force attacks i think. Anton "exuvo" Olsson [email protected] On 2022-05-04 13:02, Stefan G. Weichinger wrote: Am 04.05.22 um 12:46 schrieb Stefan G. Weichinger: Am 04.05.22 um 11:36 schrieb Exuvo: Yeah the included ossl usage is using old key derivation. On my installation i have replaced amcrypt-ossl usage with: # cat /etc/amanda/encrypt #!/bin/bash AMANDA_HOME=~amanda PASSPHRASE=$AMANDA_HOME/.am_passphrase # required RANDFILE=$AMANDA_HOME/.rnd export RANDFILE at first things were failing, the "not found" was misleading me, as I assumed the wrapper file was missing (I decided to create "/usr/sbin/exuvo_crypt" ;-) ). Turns out that the RANDFILE was missing, created one by: backup:~$ dd if=/dev/urandom of=.rnd bs=256 count=1 I assume I should store/backup that one alongside the encryption passphrase somewhere? Is it needed for decryption? First dump looks good now, on to some restore tests. btw: I also read of "-md sha512" to speed up ... obsolete when using "-aes-256-ctr" maybe? If I change encryption now it would be the time to get it right. thanks so far!
Re: amcrypt: deprecated key derivation used
Ah yes my RANDFILE was probably already created long ago when i initially set up encryption. From what i have read the random file is not really on most systems as it is only there to help with low entropy systems (ie server that does nothing most of the time). Each time openssl runs it uses that file (if specified) for random seeds and at command end it replaces the file with 256 new bytes of randomness for the next invocation. It is not needed for decryption. From the man page the digest is only used to create the real encryption key from the text key you supply. It should not affect speed at all. The default digest is sha-256, sha-512 just has more bits. The only thing you would gain is more protection against brute force attacks i think. Anton "exuvo" Olsson [email protected] On 2022-05-04 13:02, Stefan G. Weichinger wrote: Am 04.05.22 um 12:46 schrieb Stefan G. Weichinger: Am 04.05.22 um 11:36 schrieb Exuvo: Yeah the included ossl usage is using old key derivation. On my installation i have replaced amcrypt-ossl usage with: # cat /etc/amanda/encrypt #!/bin/bash AMANDA_HOME=~amanda PASSPHRASE=$AMANDA_HOME/.am_passphrase # required RANDFILE=$AMANDA_HOME/.rnd export RANDFILE at first things were failing, the "not found" was misleading me, as I assumed the wrapper file was missing (I decided to create "/usr/sbin/exuvo_crypt" ;-) ). Turns out that the RANDFILE was missing, created one by: backup:~$ dd if=/dev/urandom of=.rnd bs=256 count=1 I assume I should store/backup that one alongside the encryption passphrase somewhere? Is it needed for decryption? First dump looks good now, on to some restore tests. btw: I also read of "-md sha512" to speed up ... obsolete when using "-aes-256-ctr" maybe? If I change encryption now it would be the time to get it right. thanks so far!
Re: amcrypt: deprecated key derivation used
Am 04.05.22 um 12:46 schrieb Stefan G. Weichinger: Am 04.05.22 um 11:36 schrieb Exuvo: Yeah the included ossl usage is using old key derivation. On my installation i have replaced amcrypt-ossl usage with: # cat /etc/amanda/encrypt #!/bin/bash AMANDA_HOME=~amanda PASSPHRASE=$AMANDA_HOME/.am_passphrase # required RANDFILE=$AMANDA_HOME/.rnd export RANDFILE at first things were failing, the "not found" was misleading me, as I assumed the wrapper file was missing (I decided to create "/usr/sbin/exuvo_crypt" ;-) ). Turns out that the RANDFILE was missing, created one by: backup:~$ dd if=/dev/urandom of=.rnd bs=256 count=1 I assume I should store/backup that one alongside the encryption passphrase somewhere? Is it needed for decryption? First dump looks good now, on to some restore tests. btw: I also read of "-md sha512" to speed up ... obsolete when using "-aes-256-ctr" maybe? If I change encryption now it would be the time to get it right. thanks so far!
Re: amcrypt: deprecated key derivation used
Am 04.05.22 um 11:36 schrieb Exuvo:
Yeah the included ossl usage is using old key derivation. On my
installation i have replaced amcrypt-ossl usage with:
# cat /etc/amanda/encrypt
#!/bin/bash
AMANDA_HOME=~amanda
PASSPHRASE=$AMANDA_HOME/.am_passphrase # required
RANDFILE=$AMANDA_HOME/.rnd
export RANDFILE
if [ "$1" = -d ]; then
/usr/bin/openssl enc -pbkdf2 -d -aes-256-ctr -salt -pass fd:3 3<
"${PASSPHRASE}"
else
/usr/bin/openssl enc -pbkdf2 -e -aes-256-ctr -salt -pass fd:3 3<
"${PASSPHRASE}"
fi
pbkdf2 to fix the deprecated key derivation, aes-256-ctr for better and
faster encryption (ctr can be parallelized). Also padding is not needed
with this encryption method.
But this obviously cant open old backups so keep this file separate from
amcrypt-ossl so you can still use the old one for old backups.
Sounds great, thanks! I currently try to adjust it to the debian
environment (amanda user "backup", paths etc).
While i am at it here is my file for better compression using zstd:
# cat /etc/amanda/zstd-compression3
#!/bin/bash
if [[ "$1" == "-d" ]]; then
zstd -dqcf
else
zstd -qc -3 -T0
fi
That might be a future improvement. I already have a dumptype doing
that, according to an earlier thread you started (?).
Re: amcrypt: deprecated key derivation used
Yeah the included ossl usage is using old key derivation. On my installation i
have replaced amcrypt-ossl usage with:
# cat /etc/amanda/encrypt
#!/bin/bash
AMANDA_HOME=~amanda
PASSPHRASE=$AMANDA_HOME/.am_passphrase # required
RANDFILE=$AMANDA_HOME/.rnd
export RANDFILE
if [ "$1" = -d ]; then
/usr/bin/openssl enc -pbkdf2 -d -aes-256-ctr -salt -pass fd:3 3<
"${PASSPHRASE}"
else
/usr/bin/openssl enc -pbkdf2 -e -aes-256-ctr -salt -pass fd:3 3<
"${PASSPHRASE}"
fi
pbkdf2 to fix the deprecated key derivation, aes-256-ctr for better and faster
encryption (ctr can be parallelized). Also padding is not needed with this
encryption method.
But this obviously cant open old backups so keep this file separate from
amcrypt-ossl so you can still use the old one for old backups.
While i am at it here is my file for better compression using zstd:
# cat /etc/amanda/zstd-compression3
#!/bin/bash
if [[ "$1" == "-d" ]]; then
zstd -dqcf
else
zstd -qc -3 -T0
fi
Anton "exuvo" Olsson
[email protected]
On 2022-05-04 08:28, Stefan G. Weichinger wrote:
Am 17.12.21 um 04:35 schrieb Stefan G. Weichinger:
That's an old one, but as far as I see, not fixed yet:
I get problems with DLEs using amcrypt-ossl.
The message in amstatus contains "deprecated key derivation used".
This seems to point to something like this issue:
https://unix.stackexchange.com/questions/507131/openssl-1-1-1b-warning-using-iter-or-pbkdf2-would-be-better-while-decrypting
Ah, and we have an zmanda/amanda issue for more than two years here also:
https://github.com/zmanda/amanda/issues/112
Still hitting this issue.
patched a server today, but I get FAILED:
"[missing size line from sendbackup]"
Anyone having seen that?
Re: amcrypt: deprecated key derivation used
Am 17.12.21 um 04:35 schrieb Stefan G. Weichinger: That's an old one, but as far as I see, not fixed yet: I get problems with DLEs using amcrypt-ossl. The message in amstatus contains "deprecated key derivation used". This seems to point to something like this issue: https://unix.stackexchange.com/questions/507131/openssl-1-1-1b-warning-using-iter-or-pbkdf2-would-be-better-while-decrypting Ah, and we have an zmanda/amanda issue for more than two years here also: https://github.com/zmanda/amanda/issues/112 Still hitting this issue. patched a server today, but I get FAILED: "[missing size line from sendbackup]" Anyone having seen that?
